Privacy, a term that we seldom take enough cognizance of, is gradually changing form. In this technologically infused age, where virtual identities have now taken precedence in our personal and professional lives, the concept of data privacy has become inevitably important.
The celebration of Data Privacy Day on 28 January each year that was initiated in Europe, is now observed by approximately 50 countries in the world. This day, brought into effect to increase awareness around the subject, recognises the need for change in the collective mind-set towards privacy in the digital era.
Here are a few propositions that India has made on this front:
Data privacy and the Indian Constitution
India is gaining incredible traction in terms of technology adoption, and hence rational and well-structure governance in this realm is important.
In relation to data privacy and interpretation under the Indian Constitution, it is unclear if ‘data privacy’ is an implied constitutional right. For instance, late last year (August 2015) in the matter of Justice K S Puttaswamy (Retd.) v Union of India, the Supreme Court allowed (with some limitations) the Unique Identification Authority of India’s (UIDAI) Aadhaar ID system to continue its operations despite its alleged interference with certain aspects of an individual’s privacy. However, the Supreme Court has ‘referred’ the matter to a Constitution Bench to determine the domain and scope of the constitutional right of privacy. Therefore, as the things stands today; there exists a dire need to establish clarity on the norms governing this space. The bench constituting of at least five judges (which is yet to be determined), will play a significant role in shaping India’s future in relation to data privacy. If they decide that the right to privacy is implied, it would not only mean a huge roadblock for the Aadhaar system, but it may also mean more pressure on the creation of a comprehensive draft for the right to privacy bill.
In retrospect, encryption in India witnessed a milestone with a large telecom company finally stopped contesting the request from the Indian Government for their encryption key; thus finally allowing the intelligence and security agencies access to their prized selling proposition. Ironically, the Edward Snowden revelations raised concerns about the extent of surveillance by the authorities, bordering on questionable practices that were allegedly being undertaken.
The Indian authorities have since been taking steps to outline a policy to address such issues. In line with this, the draft National Encryption Policy, issued by the Department of Electronics and Information Technology, was released on 20 September, 2015. Unfortunately, due to the public uproar which transpired post the declaration of the proposed plan, it was withdrawn within matter of days. The draft policy in question would have made citizens store plain-text versions of encrypted data for 90 days to be made available to security agencies, instead of protecting the user’s privacy.
Human DNA Profiling Bill, 2015
Another encounter that is expected in regard to privacy is around the Human DNA Profiling Bill, 2015. This Bill, if passed by the Parliament, is positioned to allow authorities to create a DNA database of the population for quicker solving of criminal cases. The Bill, however does not lay down sufficient safeguards for collection, storage and use of this critical database, and has therefore been halted due to the same concerns.
Have your company create a ripple!
Dealing with data breaches have become more critical over the years, with perpetrators having a thriving market to dabble in. Cybercrime is no longer only a ‘developed market’ problem and the impact can be detrimental for any business. Companies are therefore gunning for more robust policies and deterrent mechanisms on this front. Data loss prevention (DLP) tools are seeing an incredible uptake as the outlook for safeguarding measures is finally taking a proactive turn.
While India is still trying to gauge the best methods to deal with issues around data privacy at a macro level, corporates would be well-served to secure their path toward progress.